03-27-2011, 05:13 PM
| | Re: Iranian hackers get fake HTTPS certs
["Followup-To:" header set to alt.computer.security.]
On 2011-03-27, Anonymous <firstname.lastname@example.org> wrote:
> Anonymous <email@example.com> wrote:
>> > On March 15th, an HTTPS/TLS Certificate Authority (CA) was tricked into
>> > issuing fraudulent certificates that posed a dire risk to Internet
>> > security.
>> What exactly would having these certificates allow them to do?
> Posing as mail.google.com, www.google.com, login.yahoo.com,
> login.skype.com, and others.
Especially useful if you are say the government of some country with
"opposition problems" and you want to keep track of their use of things
like google searches, skype calls, etc.